From: Luigi Rizzo
To: "C.L. Martinez"
Cc: "freebsd-net@freebsd.org"
Date: Wed, 25 Mar 2015 17:34:36 +0100
Subject: Re: Equivalnet options between pf_ring and netmap

On Wed, Mar 25, 2015 at 3:14 PM, C.L. Martinez wrote:
> On 03/25/2015 02:03 PM, Luigi Rizzo wrote:
>>
>> perhaps it is easier to tell if you explain what those pf_ring options do.
>> i am puzzled by the question on disabling tx, because if you do not
>> want to transmit, you just... don't!
>
>
> Ok, I will try to explain it ... I am doing some tests with this FreeBSD kvm
> guest to act as an IDS.
>
> After changing some kernel network related options like
> net.inet.tcp.recvspace, net.inet.tcp.sendspace, net.inet.tcp.sendbuf_max,

these have nothing to do with netmap.

But i just don't understand how the VM fits in the path -- does it
act as a "bump in the wire" ie read from one interface and write to
another one, or this is an IDS that protects services local to the
guest ?

Also which IDS you are running and how does it access traffic now ?

> etc ... I am losing too many packets ... Yes I know it: due to I am using
> this freebsd host as a virtualized guest I can't expect really good results
> ... but I have another linux virtualized host using pf_ring, and I don't
> lose too many packets. The main difference is that in the linux server I
> configured "enable_tx_capture=0" and "min_num_slots=65535" in pf_ring's
> module.
>
> For this reason, I am thinking if it is possible to accomplish same or
> similar type of configuration in netmap ...

ok understood.

you don't need those parameters, with netmap you basically cut the
wire between the OS and the NIC and can read directly what comes from
the wire on one ring, and what comes from the OS on another ring
(and nothing goes through unless you explicitly write packets to
the other side).

cheers
luigi
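
The ring arrangement described in the reply above, as a toy model in C. This is an added example, not code from the thread or from netmap: the structs, function names and the 8-slot ring size are constructed for illustration and are not the netmap API. It shows that a reader which never writes to the other side forwards nothing, and that arrivals are dropped when no ring slot is free.

```c
/* Toy model of the ring arrangement described above. Constructed for
 * illustration: these structs and functions are NOT the netmap API. */
#define SLOTS 8                      /* constructed ring size */

struct ring {
    unsigned head, tail;             /* consumer index, producer index */
    int slot[SLOTS];                 /* packet ids stand in for buffers */
    unsigned dropped;                /* arrivals that found the ring full */
};

struct port {
    struct ring from_wire, to_wire;  /* NIC side */
    struct ring from_host, to_host;  /* OS stack side */
};

static unsigned next_slot(unsigned i) { return (i + 1) % SLOTS; }
/* Producer: enqueue a packet, or count a drop when no slot is free
 * (one slot stays empty to tell "full" from "empty"). */
int ring_put(struct ring *r, int pkt) {
    if (next_slot(r->tail) == r->head) { r->dropped++; return 0; }
    r->slot[r->tail] = pkt;
    r->tail = next_slot(r->tail);
    return 1;
}

/* Consumer: dequeue one packet; returns 0 when the ring is empty. */
int ring_get(struct ring *r, int *pkt) {
    if (r->head == r->tail) return 0;
    *pkt = r->slot[r->head];
    r->head = next_slot(r->head);
    return 1;
}

unsigned ring_len(const struct ring *r) {
    return (r->tail + SLOTS - r->head) % SLOTS;
}

/* Passive sensor: read everything that came from the wire. With
 * forward == 0 nothing is written to the other side, so the host
 * stack never sees the traffic; no "disable tx" knob is involved. */
unsigned sensor_drain(struct port *p, int forward) {
    unsigned seen = 0;
    int pkt;
    while (ring_get(&p->from_wire, &pkt)) {
        seen++;                      /* an IDS would inspect pkt here */
        if (forward) ring_put(&p->to_host, pkt);
    }
    return seen;
}
```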